Описание
Security update for opera
This update for opera fixes the following issues:
Update to version 76.0.4017.154
- CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212
- DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode
- DNA-92587 Sync settings: “Use old password” button doesn’t work
- DNA-92672 Make it possible for agent to inject scripts into startpage
- DNA-92712 Add SD reload API
- DNA-93190 The bookmark can’t be opened in Workspace 5-6
- DNA-93247 Reopen last closed tab shortcut opens random tab on new window
- DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds
- DNA-93313 Add opauto test to cover DNA-93190
- DNA-93368 Fix an error in Polish translation
- DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017
- The update to chromium 90.0.4430.212 fixes following issues:
CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520
Список пакетов
openSUSE Leap 15.3 NonFree
Ссылки
- E-Mail link for openSUSE-SU-2021:0828-1
- SUSE Security Ratings
- SUSE CVE CVE-2021-30506 page
- SUSE CVE CVE-2021-30507 page
- SUSE CVE CVE-2021-30508 page
- SUSE CVE CVE-2021-30509 page
- SUSE CVE CVE-2021-30510 page
- SUSE CVE CVE-2021-30511 page
- SUSE CVE CVE-2021-30512 page
- SUSE CVE CVE-2021-30513 page
- SUSE CVE CVE-2021-30514 page
- SUSE CVE CVE-2021-30515 page
- SUSE CVE CVE-2021-30516 page
- SUSE CVE CVE-2021-30517 page
- SUSE CVE CVE-2021-30518 page
- SUSE CVE CVE-2021-30519 page
- SUSE CVE CVE-2021-30520 page
Описание
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30506
- SUSE Bug 1185908
Описание
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30507
- SUSE Bug 1185908
Описание
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30508
- SUSE Bug 1185908
Описание
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
Затронутые продукты
Ссылки
- CVE-2021-30509
- SUSE Bug 1185908
Описание
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30510
- SUSE Bug 1185908
Описание
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30511
- SUSE Bug 1185908
Описание
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30512
- SUSE Bug 1185908
Описание
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30513
- SUSE Bug 1185908
Описание
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30514
- SUSE Bug 1185908
Описание
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30515
- SUSE Bug 1185908
Описание
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30516
- SUSE Bug 1185908
Описание
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30517
- SUSE Bug 1185908
Описание
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30518
- SUSE Bug 1185908
Описание
Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30519
- SUSE Bug 1185908
Описание
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30520
- SUSE Bug 1185908